E-mail or E-fail? The dangers of sharing sensitive information

Why hitting ‘Send’ on that next email isn’t as simple as it seems.

Email has fast become the go-to form of communication in the digital era.

Considering just how busy and increasingly disparate boards, trusts, and enterprises are these days, it’s easy to see why. In mere seconds, you can draft an email to a member of the board, staff, or clients anywhere, at any time. Simply attach the relevant file, and hit “Send”.

It’s little wonder the average office worker sends over forty emails daily.

The problem? Emails and attachments sent in confidence might not be confidential.

Email – A necessary evil in the early digital era

Email security flaws

In our earlier post on the potential causes of a data breach, email topped the list. There’s a good reason for that. The speed at which organisations have had to transition away from aging, analog processes has seen many embrace insecure digital solutions that leave their sensitive information vulnerable to an attack.

Avatier reported in 2017 that there were some 6,789 email data breaches globally in just two years. So while it may be easy to use, the simplicity of sending an email belies an inherently insecure communication channel.

Here’s why:

1. It’s insecure and easily intercepted

Whether you use private services or public, consumer-grade options like Gmail, emails are vulnerable to a range of attacks that put what should be private conversations at risk of being read by third parties.

Certain viruses, DNS Redirects, and Sniffers are just a few of the present-day threats that can work their way through email servers and to your sensitive information. Often without you even knowing.

2. Encryption isn’t as secure as you might think

Most organisations rely on encryption as a fail-safe, as it’s meant to ensure data is protected by scrambling an email’s contents so that only the recipient – with the requisite authentication – can see, read, and download.

That said, most encryption solutions are far from foolproof. That false sense of security can often leave you most vulnerable to attack. If your email services aren’t using industry-leading encryption, there’s no guarantee they won’t be cracked.

3. There’s no accounting for human error

When we talk about security, the focus is always squarely on technology.

The fact is, it’s often the mundane issues that prove to be an organisation’s undoing. The strongest security protocols in the world can’t account for user error or typos in the “To:” field, let alone the 69% of employees who willingly bypass security and privacy policies to access work emails on insecure personal devices.

4. Email servers are prone to attack

Emails pass through many hands on their journey from sender to recipient, often seeing them stored in the cloud – or on servers – which themselves are at risk of malicious attacks. In many cases, attackers can access this information, and then get out long before anyone is aware of the breach.

5. Files sit on the sender & recipient’s device

Once an email is sent, it’s stored in your Outbox and the recipient’s Inbox. That’s why a laptop, mobile device, or just about any piece of technology left on – and logged in – is an easy ingress point for partners, disgruntled co-workers, or even rogue employees looking to access this information.


The security stats? They’re sobering…and so are the costs

The cost of email breaches

If the above examples don’t have you reconsidering composing that following email, then these facts, stats, and figures should. Email convenience comes at a cost. Quite literally:

Did you know?

  • In 2004, AOL lost upwards of $400,000 following an internal data breach that saw the details of some 92 million AOL accounts sold to spammers by one of the company’s former software engineers (Source).
  • Yahoo’s $4.8 Billion sale to Verizon almost fell through in 2016 after the company revealed all 3 Billion of its users’ accounts were breached across 2013 and 2014 (Source).
  • In 2017, 2.2 million Wishbone user email addresses were exposed (Source).
  • In that same year, 36,000 Boeing employees’ email addresses and personal information were compromised after a staff member emailed the file to their spouse for help with formatting (Source).

Consider the fallout if an unauthorised third party accessed the last email you sent containing sensitive information, IP, or essential data. What would the fallout be? Information could be leaked online, sent to the press, or even held for ransom.

There are the legal and financial ramifications to consider, too. New and existing legislation such as GDPR is placing increased responsibility on those who deal with sensitive data to keep it safe, with hefty fines already being handed out for “…inadequate technical and organisational measures to ensure the protection of information security.

It’s time to say ‘sayonara’ to insecure communication channels

The revelation that email isn’t as secure as it seems often leads to one of two outcomes: organisations either shun digital solutions entirely in favour of analog processes from ‘the good old days’, or they shrug their shoulders and continue with business as usual as they lack a more effective solution.

Early on, Stellar identified this need to be able to access and distribute sensitive information while circumventing emails entirely securely. To do so requires a comprehensive business platform that doesn’t store files on user devices but harnesses the power of the cloud to provide anytime, anywhere access on any device.

When coupled with industry-leading encryption, the ability to revoke access on the fly, and advanced proprietary encryption technology that ensures documents are completely invisible without prior authorised access, boards, as well as trusts and enterprises, are finally able to share without the fear of becoming yet another statistic in a long line of email breaches.

Related Articles:

Previous Post
Importance of Board Meeting Minutes
Next Post
Paper Trails: The Unseen Costs Of An Analog Approach In The Digital Era